For over 140 years, Marks & Spencer (M&S) has been a fixture of Britain’s retail landscape, but the department store has faced sharp losses and operational issues following a devastating cyberattack.
Shortly after the April ransomware incident, M&S halted online and in-app order—services the retailer has yet to restore. According to Reuters, Marks & Spencer hasn’t resumed its online operations out of an abundance of caution.
A group of hackers gained access to the store’s systems and threatened to shut down the company’s network if a ransom wasn’t paid. M&S refused to succumb to the threat actors’ demands and is now working to restore all its systems.
The attack is estimated to have cost Marks & Spencer $80 million, but the impacts could go beyond monetary losses. While M&S said it was surprised by customers’ willingness to shop in-store, store-sourced voices raised concerns that customers could eventually lose patience with the lack of digital options—potentially leading to reputational ramifications if the outage persists.
Aggressive, Creative, and Effective
The M&S attack was the handiwork of a loosely affiliated network of hackers known as Scattered Spider, which has carried out attacks around the globe. A smaller group within the network, called DragonForce, is behind the M&S hack as well as similar efforts against UK retailers Harrods and the Co-op.
Though British merchants have been the initial targets, Google recently warned that Scattered Spider could be just as likely to target their U.S. counterparts.
“US retailers should take note,” John Hultquist, Cybersecurity Analyst at Google, told The Independent. “These actors are aggressive, creative, and particularly effective at circumventing mature security programs.”
The Magnitude of These Attacks
Bad actors targeting large organizations is not a novel phenomenon, but the scale of damage is broadening. For example, crypto exchange Coinbase was recently hacked in an incident that could cost the company up to $400 million, after cybercriminals bribed Coinbase contractors to divulge protected customer data.
Similarly, the M&S breach derived from a contractor relationship. At least two logins used in the hack were linked to Tata Consulting Services, a company that provides IT and help desk services for the retailer.
The magnitude of these attacks will likely prompt many organizations to reevaluate their partnerships and reassess their security measures. However, as criminals become increasingly innovative, businesses will also need to find creative ways to defend themselves.
